diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 8cf53e1b..00000000 --- a/.travis.yml +++ /dev/null @@ -1,60 +0,0 @@ -language: python - -python: - - '2.6' - - '2.7' - - 'pypy' -install: - - pip install -e . -env: - - DB=sqlite:memory - - DB=mysql://root:@localhost/test_w2p - - DB=postgres://postgres:@localhost/test_w2p - - DB=google:datastore -# - DB=google:datastore+ndb - - DB=mongodb://mongodb:mongodb@localhost/test_w2p - - DB=imap://imap:imap@localhost:993 -before_script: - - if [[ $TRAVIS_PYTHON_VERSION != '2.7' ]]; then pip install unittest2; fi - - if [[ $TRAVIS_PYTHON_VERSION == '2.7' ]]; then pip install coverage; fi; - - if [[ $TRAVIS_PYTHON_VERSION == '2.7' ]]; then pip install python-coveralls; fi - - if [[ $DB == postgres* ]]; then pip install psycopg2; fi; - - if [[ $TRAVIS_PYTHON_VERSION == '2.5' ]]; then pip install pysqlite; fi - - if [[ $DB == mysql* ]]; then mysql -e 'create database test_w2p;'; fi - - if [[ $DB == postgres* ]]; then psql -c 'create database test_w2p;' -U postgres; fi - - # Install last sdk for app engine (update only whenever a new release is available) - - if [[ $DB == google* ]]; then wget http://googleappengine.googlecode.com/files/google_appengine_1.8.9.zip -nv; fi - - if [[ $DB == google* ]]; then unzip -q google_appengine_1.8.9.zip; fi - - if [[ $DB == google* ]]; then mv -f ./google_appengine/google ./google; fi - - - if [[ $DB == mongodb* ]]; then pip install pymongo; fi - - if [[ $DB == mongodb* ]]; then mongo test_w2p --eval 'db.addUser("mongodb", "mongodb");'; fi - - #Temporal solution to travis issue #155 - - sudo chmod 777 /dev/shm - - sudo rm -rf /dev/shm && sudo ln -s /run/shm /dev/shm -matrix: - exclude: - - python: 'pypy' - env: DB=postgres://postgres:@localhost/test_w2p - - python: 'pypy' - env: DB=mysql://root:@localhost/test_w2p - - python: 'pypy' - env: DB=google:datastore - - python: '2.6' - env: DB=google:datastore -# - python: '2.6' -# env: DB=google:datastore+ndb - - -script: export COVERAGE_PROCESS_START=gluon/tests/coverage.ini; ./web2py.py --run_system_tests --with_coverage -after_success: - - if [[ $TRAVIS_PYTHON_VERSION == '2.7' ]]; then coverage combine; fi - - if [[ $TRAVIS_PYTHON_VERSION == '2.7' ]]; then coveralls --config_file=gluon/tests/coverage.ini; fi - -notifications: - email: true - -services: mongodb - diff --git a/VERSION b/VERSION index d56715be..f5dc7710 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -Version 2.9.5-trunk+timestamp.2014.05.26.23.58.37 +Version 2.9.5-trunk+timestamp.2014.06.07.23.52.05 diff --git a/gluon/tools.py b/gluon/tools.py index b433b4a5..964abcb9 100644 --- a/gluon/tools.py +++ b/gluon/tools.py @@ -998,6 +998,7 @@ class Auth(object): retrieve_username_captcha=None, retrieve_password_captcha=None, captcha=None, + prevent_open_redirects=True, expiration=3600, # one hour long_expiration=3600 * 30 * 24, # one month remember_me_form=True, @@ -2327,6 +2328,10 @@ class Auth(object): ### use session for federated login snext = self.get_vars_next() + if snext and self.settings.prevent_open_redirects: + if not snext.split('/')[2] == request.env.http_host: + snext = None + if snext: session._auth_next = snext elif session._auth_next: